"Malicious software warning", then constant BSODs

piemanmoo

yesterday everything was good and fine, when suddenly I got a bubble notification saying there was a possibility of some malicious software. I wasn't browsing any new sites or anything, and it suddenly went blue screen on me. Now whenever I restart windows it looks like it's fine, then like one minute later it gives a blue screen and a restart (so fast I can't hardly read the stop error messages. I think it said stop error 0x000000a but I'm not sure)

anyhoo, here are my dump stuff per instructions
 

Attachments

My Computer

OS
Windows 7 64 bit
yesterday everything was good and fine, when suddenly I got a bubble notification saying there was a possibility of some malicious software.

Since the PC seems to be crashing in about a minute or so, obviously you won't be able to do a normal AV scan. So:

Boot into safe mode - with networking (to give you internet access)

open a browser and run:

ESET Online Virus Scanner | ESET

And see if it picks up any nasties.

Also download and install MBAM


Run MBAM in safe mode as well.


The crash dumps all show system files which doesn't point to a specific culprit. Essentially the BSOD code doesn't matter that much.


See how you go after running the scans.
 

My Computer

Computer type
PC/Desktop
Computer Manufacturer/Model Number
Systems by SmartEyeball
OS
8 Pro x64
CPU
i7 3770K 4.6GHz
Motherboard
ASUS P8Z77 WS
Memory
16GB G.Skill Trident X 2666mhz
Graphics Card(s)
x2 EVGA 780 Ti Superclocked SLI
Sound Card
SB X-FI Surround 5.1 PRO USB / ATH-AD900 Headphones
Monitor(s) Displays
x3 Dell U2410 / 58" Samsung
Screen Resolution
5760*1200/ 1920*1200
Hard Drives
2x Intel 520 240GB (RAID 0) * 2x WD Caviar Blacks 2TB (RAID 0) * 2TB WD Caviar Black * Sony Optirac DVD
PSU
Silverstone Strider Evolution 1200W
Case
Thermaltake Level 10 GT Snow Edition
Cooling
Noctua NH-D14
Keyboard
Topre Realforce // Ducky Shine MX Black // Filco Ninja TKL
Mouse
Thermaltake Theron (Highly Recommended) + Razer Imperator
Antivirus
MSE
Browser
IE, FF, WaterFox
Other Info
GT Extreme V2 Sim Racing Cockpit + 40" LCD and K/B Mouse stand ▼
Fanatec CSR Elite Wheel + Clubsport V1 Pedals + CSR shifter/7G-H ▼Saitek X52 Pro ▼ TrackIR 5 Pro
Buttkicker v2 Seat Rumbler with Dedicated 5.1 and Sub Woofer attached to frame ▼
=
Bloody Big Grin
MBAM found a few threats, but choosing to delete them required me to restart, launching windows out of safe mode where it thereupon crashed again.


As for the online scan, it also found some threats, listed below:

C:\ProgramData\Microsoft\Windows\DRM\AAC1.tmp Win64/Olmarik.AH trojan cleaned by deleting - quarantined
C:\ProgramData\Microsoft\Windows\DRM\AAC2.tmp Win64/Olmarik.AH trojan cleaned by deleting - quarantined
C:\ProgramData\Microsoft\Windows\DRM\CFE1.tmp Win64/Olmarik.AH trojan cleaned by deleting - quarantined
C:\ProgramData\Microsoft\Windows\DRM\CFE2.tmp Win64/Olmarik.AH trojan cleaned by deleting - quarantined
C:\TDSSKiller_Quarantine\02.04.2012_23.31.54\mbr0000\tdlfs0000\tsk0000.dta Win32/Olmarik.AWO trojan cleaned by deleting - quarantined
C:\TDSSKiller_Quarantine\02.04.2012_23.31.54\mbr0000\tdlfs0000\tsk0001.dta Win64/Olmarik.AD trojan cleaned by deleting - quarantined
C:\TDSSKiller_Quarantine\02.04.2012_23.31.54\mbr0000\tdlfs0000\tsk0002.dta Win32/Olmarik.AYH trojan cleaned by deleting - quarantined
C:\TDSSKiller_Quarantine\02.04.2012_23.31.54\mbr0000\tdlfs0000\tsk0003.dta Win64/Olmarik.AG trojan cleaned by deleting - quarantined
C:\TDSSKiller_Quarantine\02.04.2012_23.31.54\mbr0000\tdlfs0000\tsk0004.dta a variant of Win32/Rootkit.Kryptik.KS trojan cleaned by deleting - quarantined
C:\TDSSKiller_Quarantine\02.04.2012_23.31.54\mbr0000\tdlfs0000\tsk0005.dta Win64/Olmarik.AF trojan cleaned by deleting - quarantined
C:\TDSSKiller_Quarantine\02.04.2012_23.31.54\mbr0000\tdlfs0000\tsk0009.dta Win32/Olmarik.AWO trojan cleaned by deleting - quarantined
C:\TDSSKiller_Quarantine\02.04.2012_23.31.54\mbr0000\tdlfs0000\tsk0010.dta Win64/Olmarik.X trojan cleaned by deleting - quarantined


I will give it a try in normal mode and see if this time it's fixed anything
edit- It did not
 
Last edited:

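One way to triage a scan report like the one posted above, as an added example that is not from the thread, from ESET or from TDSSKiller: it parses the "path, detection, category, action" lines, separates hits that sit inside an earlier tool's quarantine folder from hits in live system locations (here the ProgramData\...\DRM directory), and flags the latter as evidence that the machine is still infected. The sample lines are constructed to mirror the thread's entries, and the set of quarantine directory names is an assumption.

```python
import re
from collections import Counter

# Constructed sample in the layout of the ESET online scanner log quoted above.
SAMPLE_LOG = """\
C:\\ProgramData\\Microsoft\\Windows\\DRM\\AAC1.tmp Win64/Olmarik.AH trojan cleaned by deleting - quarantined
C:\\ProgramData\\Microsoft\\Windows\\DRM\\CFE2.tmp Win64/Olmarik.AH trojan cleaned by deleting - quarantined
C:\\TDSSKiller_Quarantine\\02.04.2012_23.31.54\\mbr0000\\tdlfs0000\\tsk0000.dta Win32/Olmarik.AWO trojan cleaned by deleting - quarantined
C:\\TDSSKiller_Quarantine\\02.04.2012_23.31.54\\mbr0000\\tdlfs0000\\tsk0004.dta a variant of Win32/Rootkit.Kryptik.KS trojan cleaned by deleting - quarantined
"""

LINE_RE = re.compile(
    r"^(?P<path>[A-Za-z]:\\\S+)\s+"              # Windows path (no spaces in these logs)
    r"(?P<detection>(?:a variant of )?\S+)\s+"   # e.g. Win64/Olmarik.AH
    r"(?P<kind>\w+)\s+"                          # threat category, e.g. trojan
    r"(?P<action>.+)$"                           # what the scanner did with the file
)

# Assumed names of folders where another tool already isolated files; a hit there
# is an old quarantined copy, a hit anywhere else is a live component.
QUARANTINE_DIRS = {"tdsskiller_quarantine", "quarantine"}

def parse_eset_log(text):
    """Return one dict per recognised line; lines in another layout are skipped."""
    entries = []
    for line in text.splitlines():
        m = LINE_RE.match(line.strip())
        if m:
            entries.append(m.groupdict())
    return entries

def is_quarantine_path(path):
    return any(part.lower() in QUARANTINE_DIRS for part in path.split("\\"))

def family_of(detection):
    """'a variant of Win32/Rootkit.Kryptik.KS' -> 'Rootkit.Kryptik'."""
    name = detection.replace("a variant of ", "").split("/", 1)[-1]
    return name.rsplit(".", 1)[0]

def summarize(entries):
    live = [e["path"] for e in entries if not is_quarantine_path(e["path"])]
    families = Counter(family_of(e["detection"]) for e in entries)
    return {
        "live": len(live),
        "quarantined": len(entries) - len(live),
        "live_paths": live,
        "families": families,
        "still_infected": bool(live),   # live hits mean active components were present
    }
```

Run `summarize(parse_eset_log(SAMPLE_LOG))` on a real report to see how many detections were outside any quarantine folder; that count, not the total, is what decides whether a further cleanup pass is needed.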
Fair chance it's still infected.

With the mbam threats, just let it detect them in safe mode and then you can manually navigate and delete the threats yourself, rather than having mbam fail in normal mode.



It might be a good idea to have this thread moved to the security area, where the folks who are more used to cleaning systems might have a few more ideas on how to remove the infection.

(My personal method would be to back up my data and then do a fresh installation. However that method is not for everyone).
 

reading some of the other threads in this section, I went ahead and ran tdsskiller and it seems to have solved the problem.

thanks a bunch!
 

Good to hear mate. Fingers crossed that's nailed it :)
 

